DETAILED ACTION

This office action is in response to application filed on May 30, 2006 in which claims 11-22
are presented for examination.

Status of Claims 

Claims 1-22 are pending; of which claims 11, 19, and 20 are in independent form. Claims
1-10 are canceled. Claim 21 is rejected under 35 U.S.C. 101. Claims 11 and 19-22 are rejected
under 35 U.S.C. 102(a). Claims 12-18 are rejected under 35 U.S.C. 103(a).

Information Disclosure Statement 
4. The information disclosure statement filed May 30, 2006 fails to comply with 37 CFR
1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent
literature publication or that portion which caused it to be listed; and all other information or that
portion which caused it to be listed. It has been placed in the application file, but the information
referred to therein has not been considered.

Drawings 

Figs. 1 and 4-6 are objected to because no translation of the text matter has been provided
with the drawings. According to Rule 49.5(d) under Regulations Under the Patent Cooperation 
Treaty, if any drawing contains text matter, the translation of that text matter shall be furnished 
either in the form of a copy of the original drawing with the translation pasted on the original text 
matter or in the form of a drawing executed anew. 

Specification

The following guidelines illustrate the preferred layout for the specification of a utility 
application. These guidelines are suggested for the applicant's use. 



Arrangement of the Specification 

As provided in 37 CFR 1.77(b), the specification of a utility application should include 
the following sections in order. Each of the lettered items should appear in upper case, without 
underlining or bold type, as a section heading. If no text follows the section heading, the phrase 
"Not Applicable" should follow the section heading: 

(a) TITLE OF THE INVENTION. 

(b) CROSS-REFERENCE TO RELATED APPLICATIONS. 

(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT.

(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT.

(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC.

(f) BACKGROUND OF THE INVENTION. 

(1) Field of the Invention. 

(2) Description of Related Art including information disclosed under 37 CFR 1.97 
and 1.98. 

(g) BRIEF SUMMARY OF THE INVENTION. 

(h) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S). 

(i) DETAILED DESCRIPTION OF THE INVENTION. 

(j) CLAIM OR CLAIMS (commencing on a separate sheet). 

(k) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet). 

(l) SEQUENCE LISTING (See MPEP § 2424 and 37 CFR 1.821-1.825. A "Sequence
Listing" is required on paper if the application discloses a nucleotide or amino 
acid sequence as defined in 37 CFR 1.821(a) and if the required "Sequence 
Listing" is not submitted as an electronic document on compact disc). 



Examiner identified all the necessary sections of the application; however, none of the
sections were labeled appropriately.

Claim Objections

5. Claim 11 is objected to because of the following informalities: applicant recites
"calculating a delay that is an increasing function of the bit rate of a stream coming from a
machine." However, a stream of data packets is already defined in the preamble of the given claim.

The applicant is encouraged to replace "a stream coming from a machine" with "said stream 
coming from a machine" to avoid potential indefiniteness issues as defined under 35 U.S.C. 112.
Appropriate correction is required. 

6. Claim 20 is objected to because of the following informalities: applicant recites "an
increasing function of said bit rate." However, there are no prior references to a bit rate of a
stream of data packets. The applicant is encouraged to replace reference to "said bit rate" with
"the bit rate of said stream of data packets."

Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

8. Claims 11, 15, 17, and 20 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

With respect to claim 11, applicant claims "a method of preventing illegitimate use of a
network protocol" while the remainder of the claim only addresses calculating the delay of the 
packets before releasing them. 

With respect to claims 15 and 17, applicant claims "a predefined value" in claim 15 and 
"a maximum value" in claim 17. Both claims are dependent upon claim 11, which does not 
define either of the values. However, in claim 14 applicant claims "a maximum permissible 
value (CPTMAXn)". Examiner assumes that "a predefined value" and "a maximum value" are 
the same as "a maximum permissible value (CPTMAXn)." 

Furthermore, with respect to claim 17, applicant claims "a step of producing and sending 
an alarm." However, it is not apparent from the claim language who is the intended receiver of
the claimed alarm. 

With respect to claim 20, applicant claims "a telecommunication system adapted to 
process data traffic." The applicant, however, fails to sufficiently define how such system needs 
to be adapted in order to employ the claimed invention. 

9. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claim 20 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the
enablement requirement. The claim contains subject matter which was not described in the 
specification in such a way as to enable one skilled in the art to which it pertains, or with which 
it is most nearly connected, to make and/or use the invention. 

Claim 20 is a single means claim. The single means claim, i.e., where a means recitation 
does not appear in combination with another recited element of means, is subject to an undue 
breadth rejection under 35 U.S.C. 112, first paragraph. In re Hyatt, 708 F.2d 712, 714-715, 218
USPQ 195, 197 (Fed. Cir. 1983) (A single means claim which covered every conceivable means 
for achieving the stated purpose was held nonenabling for the scope of the claim because the 
specification disclosed at most only those means known to the inventor.). When claims depend 
on a recited property, a fact situation comparable to Hyatt is possible, where the claim covers 
every conceivable structure (means) for achieving the stated property (result) while the 
specification discloses at most only those known to the inventor. 



Claim Rejections - 35 USC § 101 
4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and
requirements of this title.

Claims 21-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. 

Claim 21 recites "a computer program" which is clearly a functional descriptive 
material, software, per se. When recorded on some computer-readable medium it becomes 
structurally and functionally interrelated to the medium and will be statutory in most cases since
use of technology permits the function of the descriptive material to be realized. However, the
claim language lacks the necessary computer readable storage medium, and as such fails to fall 
within one of four statutory categories of invention according to 35 U.S.C. 101. Therefore, claim 
21 is non-statutory. 



With respect to claim 22, it is rejected as being dependent upon rejected claim 21.



5. Claim 11 is rejected under 35 U.S.C. 101 because it fails to produce a real-world result.
Claim 11 relates to a method of preventing illegitimate use of a network protocol; however, the
claimed method does not produce a real-world result that is useful, tangible, and concrete.

In determining whether the claim is for a "practical application," the focus is not on 
whether the steps taken to achieve a particular result are useful, tangible, and concrete, but rather 
that the final result achieved by the claimed invention is "useful, tangible, and concrete." In the
instant application claim 11, the mere calculating a delay and forwarding packets of said stream
after said delay do not produce a "useful, tangible, and concrete" result of preventing the
illegitimate use of a network protocol, and the applicant has not claimed a final result that is
"useful, tangible, and concrete" outside of the method itself.



Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this
or a foreign country, before the invention thereof by the applicant for a patent.

7. Claims 11 and 19-22 are rejected under 35 U.S.C. 102(a) as being anticipated by
Williamson, "Throttling Viruses: Restricting propagation to defeat malicious mobile code", 
Practical Solutions to Real Security Problems 2002 Conference, December 9, 2002. 

With respect to claim 11, Williamson teaches the limitations of "calculating a delay that
is an increasing function of the bit rate of a stream coming from a machine" and "forwarding
packets of said stream after said delay" (page 1, column 2, paragraph 2 from the top) as a filter
on the network stack that uses a series of timeouts to restrict the rate of connections to new hosts
such that most natural traffic is unaffected. Any traffic which attempts connections at a higher
rate is delayed. The delays introduced by the timeouts are such that false positives are tolerated
with small delays, but malicious traffic is heavily penalized.

With respect to claim 19, Williamson teaches the limitation of "a device for processing a 
stream of data packets coming from a machine, wherein the device comprises delay means for 
delaying forwarding of the stream coming from said machine by a delay that is an increasing 
function of the bit rate of said stream" (page 1, column 2, paragraph 2 from the top) as a filter on
the network stack that uses a series of timeouts to restrict the rate of connections to new hosts
such that most natural traffic is unaffected. Any traffic which attempts connections at a higher
rate is delayed. The delays introduced by the timeouts are such that false positives are tolerated
with small delays, but malicious traffic is heavily penalized.

With respect to claim 20, Williamson teaches the limitation of "a telecommunications
system adapted to process data traffic comprising at least one stream of data packets coming
from a machine, wherein the system comprises delay means for delaying forwarding of at least
one stream coming from said machine by a delay that is an increasing function of said bit rate"
(page 1, column 2, paragraph 2 from the top) as a filter on the network stack that uses a series of
timeouts to restrict the rate of connections to new hosts such that most natural traffic is
unaffected. Any traffic which attempts connections at a higher rate is delayed. The delays
introduced by the timeouts are such that false positives are tolerated with small delays, but
malicious traffic is heavily penalized.

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 12-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Williamson,
"Throttling Viruses: Restricting propagation to defeat malicious mobile code", Practical
Solutions to Real Security Problems 2002 Conference, December 9, 2002 in view of Belissent
(WO 02/01834 A2) and further in view of Kaashoek et al. (US 2002/0035683 A1).

With respect to claim 12, it is noted that Williamson does not teach the limitation of "the 
delay function depends on the value of a count (CPTN) of data packets of said stream."

On the other hand, Belissent teaches (page 9, lines 6-11) that if, during the previous
throttling interval, there are connections in excess of the slowdown threshold, then what is
referred to as a wait time is used to delay the incoming connections request stream. In particular,
the wait time is related to the number of connection requests above the slowdown threshold as
referred to as a slowdown rate.

It is further noted that even though Belissent teaches the slowdown time being related to
the number of detected connection requests, he does not explicitly teach detecting the data
packets.

However, Kaashoek teaches (page 5, paragraph 0056) that the monitoring process in the 
gateway can examine a ratio of incoming to outgoing TCP packets for a particular set of 
machines. The monitoring process can compare the ratio to a threshold value. 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to incorporate teachings of Belissent and Kaashoek into the system of Williamson 
because it would provide a more robust method of throttling the traffic by making the delay 
dependent on the number of actual connection requests. 

With respect to claim 13, examiner interprets the limitation of "the delay function has a 
positive second derivative" as the delay time is increasing with the increasing number of detected 
packets. In view of this interpretation, Williamson teaches the abovementioned limitation (page 
3, column 1, paragraph 2 from the top) as if the attack rate is a lot greater than the allowed rate, 
then the delay queue will grow at roughly the attack rate, and the delay to the individual 
connections will grow as the queue lengths grow. 

With respect to claim 14, Williamson teaches the limitation of "a step of determining a
maximum permissible value (CPTMAXN) of the bit rate for the stream" (page 3, column 1, first
paragraph from the top) as if the time between timeouts is d, then the system limits the rate of
connection to new hosts, r_allowed = 1/d.

It is noted that Williamson does not explicitly teach the limitation of "a step of destroying 
waiting data packets if the number of data packets that has arrived exceeds the maximum 
permissible value (CPTMAXN)." 

On the other hand, Belissent teaches the abovementioned limitation (page 5, lines 8-10) 
as if the interval m connection request count is determined to be greater than a rejection 
threshold associated with the requesting client then the connection request is rejected. 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to incorporate teachings of Belissent into the system of Williamson to prevent the 
malicious traffic from reaching the system. 

With respect to claim 15, Williamson teaches the limitation of "a step of stopping the
calculation of the delay for said stream if the count (CTPN) of packets is below a predefined
value" (page 3, column 1, paragraph 5 from the top) as rates lower than r_allowed are not affected.

With respect to claim 16, it is noted that neither of Williamson, Belissent, or Kaashoek 
explicitly teach the limitation of "the stream under surveillance is of the signaling protocol type." 

On the other hand, examiner takes official notice that signaling protocols like ISDN
are well known in the art, and therefore it would have been obvious to one of ordinary skill in
the art at the time of the invention to apply the system of Williamson, Belissent, and Kaashoek to
monitor such a protocol.

With respect to claim 17, Williamson teaches the limitation of "a step of detecting a 
change of the bit rate associated with said stream toward a maximum value and a maximum 
reduction of said bit rate toward a zero bit rate" (page 3, column 1, paragraph 5 from the top) as 
by monitoring the delay queue, rapid spreading behavior can be quickly detected and the 
offending program stopped. 

It is noted, however, that Williamson does not explicitly teach the limitation of "a step of 
producing and sending an alarm." 

On the other hand, Kaashoek teaches the abovementioned limitation (page 5, paragraph 
0057) as the gateway divides network traffic into multiple buckets, e.g. by source network
address, and tracks the ratio of ingoing to outgoing traffic for each bucket. As the ratio for one
bucket becomes skewed, the gateway may subdivide that bucket to obtain a more detailed view.
The gateway raises a warning or alarm to the data center and/or to the administrator at the victim
site.

It would have been obvious to one of ordinary skill in the art at the time of the
invention to incorporate teachings of Kaashoek into the system of Williamson to provide a fast 
response to the ongoing attack by informing the involved personnel. 

With respect to claim 18, Williamson teaches the limitations of "in a normal operation
step during which the protocol is used as intended, the packet count retains a value less than a 
predetermined value and greater than or equal to 0", "in an abnormal operation step during which 
the system is subject to an attack, the count increases", and "in a subnormal operation step during 
which the system is used momentarily beyond its limits, the count retains a value less than a 
predefined value" (page 3, column 1, paragraph 5) as rates lower than r_allowed are not affected.
Furthermore, (page 3, column 1, paragraph 2) if the attack rate is a lot greater than the allowed 
rate, then the delay queue will grow at roughly the attack rate, and the delay to the individual 
connections will grow as the queue length grows. Finally, (page 3, column 1, paragraph 4) for 
low rates of attack the queue size and thus the delays grow slowly. This means that if a normal 
program has a brief period where its rate is greater than allowed, there will be some delay, but
the delays should be small. 
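
The three regimes cited above (rates below r_allowed = 1/d are unaffected, a brief overshoot sees small delays, an attack grows the delay queue and the per-connection delay) can be reproduced with a short simulation. This is an added example, not code from this Office action or from the cited references; the working-set size n, the alarm threshold alarm_len, all function names and the traffic traces are assumptions made for illustration.

```python
from collections import deque

def simulate_throttle(arrivals, d=1.0, n=4, alarm_len=10):
    """Replay (time, host) connection attempts through a rate throttle.

    A timeout fires every d seconds, so new hosts are admitted at
    r_allowed = 1/d. n (working-set size) and alarm_len are assumptions.
    Returns (delays, max_queue, alarm_at).
    """
    working = deque()   # recently contacted hosts, oldest first
    queue = deque()     # (arrival_time, host) held back for a timeout
    delays = []         # (host, seconds held) in release order
    max_queue, alarm_at = 0, None
    next_timeout = d

    def on_timeout(now):
        if not queue:
            if working:
                working.popleft()      # idle tick frees a slot
            return
        host = queue[0][1]
        waiting = list(queue)
        queue.clear()
        for t0, h in waiting:
            if h == host:              # release every request to this host
                delays.append((h, now - t0))
            else:
                queue.append((t0, h))
        if len(working) >= n:
            working.popleft()
        working.append(host)

    for t, host in arrivals:
        while next_timeout <= t:       # fire timeouts due before this attempt
            on_timeout(next_timeout)
            next_timeout += d
        if host in working:
            delays.append((host, 0.0))
        elif len(working) < n and not queue:
            working.append(host)
            delays.append((host, 0.0))
        else:
            queue.append((t, host))
            max_queue = max(max_queue, len(queue))
            if alarm_at is None and len(queue) >= alarm_len:
                alarm_at = t           # queue length is the detection signal
    while queue:                       # drain what is still waiting
        on_timeout(next_timeout)
        next_timeout += d
    return delays, max_queue, alarm_at

# Constructed traffic, not measurements from any cited reference.
NORMAL = [(2 * i + 0.5, f"host{i}") for i in range(10)]   # 0.5 new hosts/s
BURST = [(i * 0.125, f"burst{i}") for i in range(6)]      # brief overshoot
WORM = [(i * 0.125, f"scan{i}") for i in range(40)]       # 8 new hosts/s

def summarize(arrivals):
    """Return (largest delay in seconds, peak queue length, alarm time)."""
    delays, max_queue, alarm_at = simulate_throttle(arrivals)
    return max(s for _, s in delays), max_queue, alarm_at

if __name__ == "__main__":
    for name, traffic in (("normal", NORMAL), ("burst", BURST), ("worm", WORM)):
        print(name, summarize(traffic))
```

With d = 1, each queued request in the scanning trace waits 0.875 s longer than the one before it, which is the growth of delay with queue length that the rejection of claims 13 and 18 relies on.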

With respect to claims 21 and 22, it is noted that Williamson does not explicitly teach the 
limitations of "a computer program including instructions for executing the steps of the method 
according to claim 11 when said program is executed on a computer" and "a processor adapted
to execute the computer program according to claim 21." 

On the other hand, Belissent teaches the abovementioned limitations as a computer 
readable media including computer program code for preventing a denial of service attack by a 
requesting client on a server computer. It is interpreted by examiner that the server computer 
comprises a processor to implement the instructions of the computer program. 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to incorporate teachings of Belissent and Williamson to implement the method taught 
by Williamson as a computer code to eliminate the expenses associated with the development of 
the hardware system. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KONSTANTIN SHEPELEV whose telephone number is 
(571)270-5213. The examiner can normally be reached on Mon - Thu 8:30 - 18:00, Fri 8:30 - 
17:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz R. Sheikh can be reached on (571)272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Konstantin Shepelev/ 10/22/2008
Examiner, Art Unit 2431
/Syed Zia/
Primary Examiner, Art Unit 2431



